You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

What this program does:SpySheriff is a rogue anti-spyware application that uses
fake alerts and false positives as a goad into scaring you into purchasing their
software. This software is usually installed by Trojans that issue fake security
alerts in your Windows taskbar stating that you are infected with a variety
of malware. When you click on this warning, SpySheriff will be download and
installed and start scanning your system. The malware will also change your
Windows desktop to a black background with a warning message stating that your
computer is in danger.All of these warnings are being issued as a scare tactic
used to scam you into purchasing this software. Screenshots of the desktop background, SpySheriff software, and fake taskbar alerts are found below.

Your IP address is
192.168.1.100. Using this address a remote computer has gained anaccess
to your computer and probably is collecting the information about the sites
you've visited and the files contained in the folder Temporary Internet
Files. Attention! Ask for help or install the software for deleting secret
information about the sites you visited.

After hearing your computer beep once during startup, but before the
Windows icon appears, press F8.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

When you are at the logon prompt, log in as the same user which you had done the previous steps.

When your computer has started in safe mode and you see the desktop.

Close all open Windows.

Now, double-click on the SmitFraudfix icon that should be residing on your
desktop.The icon will look like the one below:

When the tool first starts you will see a credits screen. Simply press
any key on your keyboard to get to the next screen.

You will now see a menu as shown in the image below. Press the number 2
on your keyboard and the press the enter key to choose the
option Clean (safe mode recommended).

The program will start cleaning your computer and go through a series of
cleanup processes. When it is done, it will automatically start the Disk Cleanup
program as shown by the image below.

This program will remove all Temp, Temporary Internet Files, and other files
that may be leftover files from this infection. This process
can take up to a few hours depending on your computer, so please be patient.
When it is complete, it will close automatically and you will should continue
with step 11.

When Disk Cleanup is finished, you will be presented with an option asking
Do you want to clean the registry ? (y/n). At this
screen you should press the Y button on your keyboard and
then press the enter key.

When this last routine is finished, you will be presented with a red screen
stating Computer will reboot now. Close all applications.You should now press the spacebar on your computer. A counter will appear
stating that the computer will reboot in 15 seconds. Do not cancel this countdown
and allow your computer to reboot.

Once the computer has rebooted, you will be presented with a Notepad screen
containing a log of all the files removed from your computer. Examine this
log, and when you are done, close the Notepad screen.

BleepingComputer.com can not be held responsible for problems that may occur
by using this information. If you would like help with any of these fixes, you
can post a HijackThis log in our HijackThis
Logs and Analysis forum.